Full-Disclosure Folds: End of an Era for Security Researchers

In what will prove to be a serious loss for the security researcher community, the administrators of the Full-Disclosure mailing list have decided to shutter the project, not because of legal entanglements or ethical quandaries, but apparently because of one outspoken researcher who has not been identified publicly by the team.

Full-Disclosure was established in 2002 by vulnerability researchers John Cartwright and Len Rose. They say they knew such an undertaking would run into problems, and admittedly it did, but the resource they provided proved to be of unparalleled importance.

“When Len and I created the Full-Disclosure list way back in July 2002, we knew that we’d have our fair share of legal troubles along the way. We were right. To date we’ve had all sorts of requests to delete things, requests not to delete things, and a variety of legal threats both valid or otherwise,” wrote Cartwright in a farewell message. “However, I always assumed that the turning point would be a sweeping request for large-scale deletion of information that some vendor or other had taken exception to.”

The decision to scrap the project seems to have hinged on the team’s problematic interactions with a solitary researcher, again unnamed, who caused them such grief they decided the best move was to just cease all operations.

“I never imagined that request might come from a researcher within the ‘community’ itself (and I use that word loosely in modern times). But today, having spent a fair amount of time dealing with complaints from a particular individual (who shall remain nameless) I realised that I’m done. The list has had its fair share of trolling, flooding, furry porn, fake exploits and DoS attacks over the years, but none of those things really affected the integrity of the list itself,” Cartwright continued.

“However, taking a virtual hatchet to the list archives on the whim of an individual just doesn’t feel right. That ‘one of our own’ would undermine the efforts of the last 12 years is really the straw that broke the camel’s back.”

Cartwright goes on to lament the changing nature of both the security industry and those who make up the hacker community, and his words perhaps foreshadow the end of an era for independent security researchers.

“I’m not willing to fight this fight any longer. It’s getting harder to operate an open forum in today’s legal climate, let alone a security-related one. There is no honour amongst hackers any more. There is no real community. There is precious little skill. The entire security game is becoming more and more regulated. This is all a sign of things to come, and a reflection on the sad state of an industry that should never have become an industry. I’m suspending service indefinitely. Thanks for playing.”